Qualys Vulnerability Integration troubleshooting

Some commonly encountered issues, along with workarounds, are discussed.

Attachments not appearing after import

If attachments are not appearing as expected after a host import, check your IP
restrictions.

IP access restrictions can prevent attachments from being seen unless you are logged in from a
safe IP. So, when you run a host import integration, you do not see the existing attachments. A
new attachment is added with each import, resulting in duplicates you have to remove.

To prevent this situation, check your IP restrictions and add users to the safe list prior to
import.

Modify transform maps

Transform maps are provided with base configurations, which are usually sufficient. You
can modify transform mappings depending on the needs of your organization.

Data retrieval limitations

By default, there are no restrictions on how data is retrieved from Qualys. Many records
can be related to low-severity vulnerabilities that a customer is not willing to remediate using
their vulnerability response process. Updating the corresponding REST message/method parameters
can modify this behavior.

The REST message/method responsible for this update is Qualys Host Detection –
Standard/post. To update the values, add a new HTTP Query Parameter to the post
method with the following values:

Name: severities

Value: 3-5 (or whichever severities are appropriate)

Duplicate vulnerable items

If you see duplicate vulnerable items (multiple vulnerable items, all pointing to the
same Configuration Item and Vulnerability Entry), and the duplicate vulnerable items share
the same creation timestamp, a concurrency issue might be the cause.
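
One way to check an exported list of vulnerable items for this pattern, as an added example that is not part of the original page or the product's own code. The column names (number, cmdb_ci, vulnerability, sys_created_on) are assumptions about the export, and the sample rows are constructed.

```javascript
// Added example: flag duplicate vulnerable items in an exported list.
// Assumed column names (not from the page): number, cmdb_ci, vulnerability, sys_created_on.
// Sample rows are constructed for illustration.
const sampleRows = [
  { number: "VIT0001", cmdb_ci: "web01", vulnerability: "QID-11111", sys_created_on: "2024-01-10 02:00:05" },
  { number: "VIT0002", cmdb_ci: "web01", vulnerability: "QID-11111", sys_created_on: "2024-01-10 02:00:05" },
  { number: "VIT0003", cmdb_ci: "web01", vulnerability: "QID-22222", sys_created_on: "2024-01-10 02:00:06" },
  { number: "VIT0004", cmdb_ci: "db01", vulnerability: "QID-11111", sys_created_on: "2024-01-10 02:00:07" },
  { number: "VIT0005", cmdb_ci: "db01", vulnerability: "QID-33333", sys_created_on: "2024-01-09 02:00:01" },
  { number: "VIT0006", cmdb_ci: "db01", vulnerability: "QID-33333", sys_created_on: "2024-01-10 02:00:09" },
];

function findDuplicateVulnerableItems(rows) {
  // Group by the pair that should be unique: Configuration Item + Vulnerability Entry.
  const groups = new Map();
  for (const row of rows) {
    const key = JSON.stringify([String(row.cmdb_ci).trim(), String(row.vulnerability).trim()]);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(row);
  }

  const findings = [];
  for (const items of groups.values()) {
    if (items.length < 2) continue; // unique pair, nothing to report

    // Count rows per creation timestamp inside the duplicate group.
    const byCreated = new Map();
    for (const item of items) {
      const ts = String(item.sys_created_on).trim();
      byCreated.set(ts, (byCreated.get(ts) || 0) + 1);
    }

    findings.push({
      cmdb_ci: items[0].cmdb_ci,
      vulnerability: items[0].vulnerability,
      numbers: items.map((i) => i.number),
      // true = duplicates share a creation timestamp, the pattern described above
      sharedCreationTimestamp: [...byCreated.values()].some((n) => n > 1),
    });
  }
  return findings;
}

console.log(findDuplicateVulnerableItems(sampleRows));
```

Groups reported with `sharedCreationTimestamp: false` are duplicates that do not match the same-timestamp pattern and need a different explanation.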